Docket No. 1999-0053 



What is claimed is: 

1. A method of provisioning a user's broadband telephony 
interface comprising the steps of: 

receiving information authenticating a provisioning server; 
establishing a communication channel between the user and the 
provisioning server over which is transmitted authorization information from the 
user to the provisioning server; and 

encrypting and transmitting a cryptographic key associated with 
the user to the provisioning server. 

2. The method of claim 1 wherein the communication channel is a 
voice channel connection. 

3. The method of claim 2 wherein the communication channel is 
encrypted using an audio channel key which is encrypted and transmitted to the 
provisioning server prior to establishing the communication channel. 

4. The method of claim 3 wherein the cryptographic key 
associated with the user is encrypted using a session key which is encrypted and 
transmitted to the provisioning server prior to establishing the communication 
channel. 

5. The method of claim 4 wherein the session key and the audio 
channel key are encrypted using a cryptographic key that is encrypted using a 
cryptographic key associated with the provisioning server and transmitted to the 
provisioning server with the encrypted session and audio channel key. 

6. The method of claim 5 wherein the cryptographic key 
associated with the provisioning server is received with the information 
authenticating the provisioning server. 

7. The method of claim 6 wherein a random nonce is included 
with the encrypted session key. 

8. The method of claim 1 wherein the information authenticating 
the provisioning server is a digital certificate. 

9. The method of claim 1 wherein the cryptographic key 
associated with the user is a symmetric key. 

10. The method of claim 1 wherein the cryptographic key 
associated with the user is a public key corresponding to a private key stored in 
the broadband telephony interface. 

11. The method of claim 1 wherein a hash is included with each 
transmission. 

12. A broadband telephony interface comprising: 

a first interface to a user telephone; 

a second interface to a communication network with access to a 
provisioning server; 

memory for storing cryptographic keys; 

a processor connected to the memory and the first and second 
interfaces for executing program instructions, the program instructions causing the 
processor to perform the steps of: 

receiving information authenticating the provisioning 
server; 

establishing a communication channel between the user 
telephone and the provisioning server over which is transmitted 
authorization information from the user to the provisioning server; and 

encrypting and transmitting a cryptographic key associated 
with the user to the provisioning server. 

13. The broadband telephony interface of claim 12 wherein the 
communication channel is a voice channel connection. 

14. The broadband telephony interface of claim 13 wherein the 
communication channel is encrypted using an audio channel key which is 
encrypted and transmitted to the provisioning server prior to establishing the 
communication channel. 

15. The broadband telephony interface of claim 14 wherein the 
cryptographic key associated with the user is encrypted using a session key which 
is encrypted and transmitted to the provisioning server prior to establishing the 
communication channel. 

16. The broadband telephony interface of claim 15 wherein the 
session key and the audio channel key are encrypted using a cryptographic key 
that is encrypted using a cryptographic key associated with the provisioning server 
and transmitted to the provisioning server with the encrypted session and audio 
channel key. 

17. The broadband telephony interface of claim 16 wherein the 
cryptographic key associated with the provisioning server is received with the 
information authenticating the provisioning server. 

18. The broadband telephony interface of claim 17 wherein a 
random nonce is included with the encrypted session key. 

19. The broadband telephony interface of claim 12 wherein the 
information authenticating the provisioning server is a digital certificate. 

20. The broadband telephony interface of claim 12 wherein the 
cryptographic key associated with the user is a symmetric key. 

21. The broadband telephony interface of claim 12 wherein the 
cryptographic key associated with the user is a public key corresponding to a 
private key stored in the broadband telephony interface. 

22. The broadband telephony interface of claim 12 wherein a hash 
is included with each transmission. 




23. A method of operating a provisioning server comprising the 
steps of: 

receiving a request to be provisioned from a broadband telephony 
interface; 

transmitting authentication information to the broadband telephony 
interface; 

receiving authorization information over a communication channel 
established between a user of the broadband telephony interface and the 
provisioning server; and 

receiving an encrypted cryptographic key associated with the user 
from the broadband telephony interface. 

24. The method of claim 23 wherein the communication channel is 
a voice channel connection. 

25. The method of claim 24 wherein the communication channel is 
encrypted using an audio channel key which is received from the broadband 
telephony interface prior to establishing the communication channel. 

26. The method of claim 25 wherein the cryptographic key 
associated with the user is encrypted using a session key which is received from 
the broadband telephony interface prior to establishing the communication 
channel. 

27. The method of claim 26 wherein a cryptographic key 
associated with the provisioning server is transmitted to the broadband telephony 
interface and the session key and the audio channel key are received encrypted 
using the cryptographic key associated with the provisioning server. 

28. The method of claim 27 wherein the cryptographic key 
associated with the provisioning server is transmitted with the authentication 
information to the broadband telephony interface. 

29. The method of claim 28 wherein a random nonce is included 
with encrypted session key and audio channel key. 

30. The method of claim 23 wherein the authentication information 
is a digital certificate. 

31. The method of claim 23 wherein the cryptographic key 
associated with the user is a symmetric key. 

32. The method of claim 23 wherein the cryptographic key 
associated with the user is a public key corresponding to a private key stored in 
the broadband telephony interface. 

33. The method of claim 23 wherein a hash is included with each 
transmission. 